Skip to main content
Skip to main content
Microsoft Security Intelligence
Published Jun 10, 2022 | Updated Jan 16, 2024

Ransom:Win32/BlackBasta.A

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

Black Basta ransomware is a threat that compiled its first malware samples in February 2022. The ransomware deletes all Volume Shadow Copies and drops an ICO file on the device – the icons for all encrypted files are replaced with this ICO image. Earlier versions of Black Basta created a new JPG image set as the Desktop Wallpaper. Unlike other ransomware families, the newer variant of Black Basta doesn’t skip files based on their extensions. However, it doesn’t encrypt critical folders that would make the system inoperable.

For information about Black Basta and other human-operated ransomware campaigns, read this blog post:

Human-operated ransomware attacks: A preventable disaster

There is no one-size-fits-all response if you have been targeted by ransomware. To recover files, you can restore backups. There is no guarantee that paying the ransom will give you access to your files.

Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.